The Worst Breach Detection and Data Storage Mistakes of 2020

RevBits
Sep 14, 2020

In 2019, as the volume of cyberattacks continued to spike, cybercriminals were increasingly successful in infiltrating corporations’ sensitive data and information. Many of these attacks, however, were the result of outdated cybersecurity systems and ineffective handling and encryption of sensitive data. As a result, companies around the world lost millions of dollars and spent countless hours working to clean up the aftermath of costly data breaches and malware attacks. As the cybersecurity landscape continues to advance in 2020, companies must have a comprehensive security suite that includes breach detection, EDR, email security and privileged access management software.

Capital One

Last year, Capital One had to announce that it had suffered a breach that impacted over 100 million people in the US and Canada. More specifically, the hacker was able to access personal credit card applications to steal the names, addresses, birthdays and income information of millions of applicants. The same hacker was able to steal credit information from Capital One customers, like credit scores, limits and balances. This data breach was executed through a method called ‘Server Side Request Forgery,’ an attack in which a server is tricked into executing unauthorized commands. Capital One wasn’t even aware of the breach until after the attacker boasted about her hack online, meaning it went under the radar for much longer than it should have and put the confidential information of millions at risk.

American Medical Collection Agency

By infiltrating the American Medical Collection Agency’s (AMCA) systems, hackers were able to steal the names, social security numbers and credit card information of over 20 million US citizens. This large-scale attack lasted from August 1, 2018 until March 30, 2019, making it an almost yearlong breach in which the stolen data was sold on underground web forums. Even after the infiltrated data portal was closed down, AMCA and its corporate partners saw significant declines in business, had class-action lawsuits filed against them and needed to cut down their workforce, and the AMCA ultimately filed for bankruptcy. With the proper endpoint security and breach detection software in place, the AMCA could have detected this breach, saving itself and others from losing time, money and consumer trust.

Los Angeles Police Department

This past summer, the Los Angeles Police Department (LAPD) suffered its largest and most sensitive data breach to date. An unidentified hacker was able to steal the names, social security numbers, email addresses and credentials of 2,500 LAPD officers and trainees and 17,500 department applicants. It wasn’t until the hacker emailed the LAPD directly with samples of the information that the department even realized it had been hacked. With the proper suite of security products, it could have patched system vulnerabilities and avoided the attack.

Voova

Voova, a software company in the U.K., experienced an attack from an increasingly prevalent type of cybercriminal: a disgruntled former employee. After this employee was fired from Voova, he stole a former coworker’s AWS login information and deleted over 20 of the company’s AWS servers. As a result, Voova lost out on big contracts and was never able to recover the deleted data. If Voova had proper privileged access management software and practices in place, the company could have recognized the abnormal behavior from the login and stopped the attack from causing as much damage as it did.

Many companies suffered serious losses due to cybercriminals throughout 2019. Many of these attacks might have been prevented had the affected companies implemented the correct cybersecurity solutions in the first place. Every type of business is at risk of cyberattack, but small businesses need to stay especially vigilant, as 43% of attacks are geared towards them. As 2020 progresses and cyber threats continue to increase in volume and sophistication, every company should ensure that the proper breach detection, EDR, email security and privileged access management systems are in place.

Originally published at https://www.revbits.com on September 14, 2020.
